72ebc223...29a4

c:\users\5jghkoaofdp\desktop\FRS.exe, ...

Blacklisted

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\FRS.exe (Sample File) c:\users\5jghkoaofdp\desktop\frs.exe.frs (Created File)
Size	270.00 KB
Hash Values	MD5: af6d91121887f5bb0a85a06b1ded0db7 SHA1: 3dc746ae351adbaa192400a58c492c83dd7f4a10 SHA256: 72ebc223bef1bf4cabad9c7eb6e520f0d93554f2807d4c8875be24dc3ab129a4
Actions	... File Actions Download File

File Reputation Information

»

Information	Value
Severity	Blacklisted
Names	Win32.Trojan.Agent
Families	Agent
Classification	Trojan

PE Information

»

Information	Value
Image Base	0x400000
Entry Point	0x4a21dc
Size Of Code	0x14e00
Size Of Initialized Data	0x82400
Size Of Uninitialized Data	0x0
Format	x86
Type	Executable
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_GUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2013-03-30 02:01:22
Compiler/Packer	Unknown

Sections (3)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.	0x401000	0xa1000	0x31800	0x200	CNT_CODE, CNT_INITIALIZED_DATA, CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE	8.0
.	0x4a2000	0xd6c	0xe00	0x31a00	CNT_CODE, CNT_INITIALIZED_DATA, CNT_UNINITIALIZED_DATA, MEM_EXECUTE, MEM_READ, MEM_WRITE	5.75
.	0x4a3000	0x10f40	0x11000	0x32800	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	2.94

Imports (6)

»

KERNEL32.DLL (2)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetModuleHandleA	0x0	0x4a20dc	0xa20dc	0x31adc
GetProcAddress	0x0	0x4a20e0	0xa20e0	0x31ae0

oleaut32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
SysFreeString	0x0	0x4a20e8	0xa20e8	0x31ae8

advapi32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
RegCloseKey	0x0	0x4a20f0	0xa20f0	0x31af0

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
CharNextA	0x0	0x4a20f8	0xa20f8	0x31af8

SHFolder.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
SHGetFolderPathA	0x0	0x4a2100	0xa2100	0x31b00

Icons (1)

»

c:\users\5jghko~1\appdata\local\temp\ccep00el.bat

Suspicious

»

File Properties
Names	c:\users\5jghko~1\appdata\local\temp\ccep00el.bat (Created File)
Size	2.61 KB
Hash Values	MD5: 60dfa4196aadcc1d7e647a40aaba2b4d SHA1: 97d1d8916ccc631b4d7f6a596d12a299a571c167 SHA256: 3cdfcdb0ccb062fea23cc7605639e3c8b0b1e6de4c318fffd2adb71c9931b001
Actions	... File Actions Download File

File Reputation Information

»

Information	Value
Severity	Suspicious
Names	Script-BAT.Trojan.Ransom
Families	Ransom
Classification	Trojan

c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\chinese_national_flag.png, ...

»

File Properties
Names	c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\chinese_national_flag.png (Created File) c:\users\5jghkoaofdp\desktop\chinese_national_flag.png (Created File) c:\frsramsomware\chinese_national_flag.png (Created File)
Size	9.19 KB
Hash Values	MD5: 82c2228d8775b2a2b1325cb824ee0d1a SHA1: 49fd65ad486e55602308780b81ed80c421c5f8bd SHA256: debbf84b752eef8d137626710fc771bf3d7d1d21d218156dd126915920c6dbc7
Actions	... File Actions Download File

c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\frs_decryptor.exe, ...

»

File Properties
Names	c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\frs_decryptor.exe (Created File) c:\users\5jghkoaofdp\desktop\frs_decryptor.exe (Created File) c:\frsramsomware\frs_decryptor.exe (Created File)
Size	296.00 KB
Hash Values	MD5: a7ffea3a80b4d5e4a39f170dc6603bab SHA1: 1cf36c82454f4c3415feb509c94a3180fa840efa SHA256: c5f6d1db3e0707a8d694989a0eae063109e0ff310b42c0933d9411833301bd29
Actions	... File Actions Download File

PE Information

»

Information	Value
Image Base	0x400000
Entry Point	0x4050b4
Size Of Code	0x4000
Size Of Initialized Data	0x45c00
Size Of Uninitialized Data	0x0
Format	x86
Type	Executable
Subsystem	IMAGE_SUBSYSTEM_WINDOWS_CUI
Machine Type	IMAGE_FILE_MACHINE_I386
Compile Timestamp	2013-03-30 02:01:23
Compiler/Packer	Unknown

Sections (9)

»

Name	Virtual Address	Virtual Size	Raw Data Size	Raw Data Offset	Flags	Entropy
.text	0x401000	0x3928	0x3a00	0x400	CNT_CODE, MEM_EXECUTE, MEM_READ	6.61
.itext	0x405000	0x4b0	0x600	0x3e00	CNT_CODE, MEM_EXECUTE, MEM_READ	4.89
.data	0x406000	0x7b0	0x800	0x4400	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	1.26
.bss	0x407000	0x2978	0x0	0x4c00	MEM_READ, MEM_WRITE	0.0
.idata	0x40a000	0x5de	0x600	0x4c00	CNT_INITIALIZED_DATA, MEM_READ, MEM_WRITE	4.42
.tls	0x40b000	0x8	0x0	0x5200	MEM_READ, MEM_WRITE	0.0
.rdata	0x40c000	0x18	0x200	0x5200	CNT_INITIALIZED_DATA, MEM_READ	0.2
.reloc	0x40d000	0x450	0x600	0x5400	CNT_INITIALIZED_DATA, MEM_DISCARDABLE, MEM_READ	5.43
.rsrc	0x40e000	0x44424	0x44600	0x5a00	CNT_INITIALIZED_DATA, MEM_READ	3.23

Imports (49)

»

advapi32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
RegQueryValueExA	0x0	0x40a168	0xa08c	0x4c8c
RegOpenKeyExA	0x0	0x40a16c	0xa090	0x4c90
RegCloseKey	0x0	0x40a170	0xa094	0x4c94

user32.dll (3)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetKeyboardType	0x0	0x40a178	0xa09c	0x4c9c
DestroyWindow	0x0	0x40a17c	0xa0a0	0x4ca0
MessageBoxA	0x0	0x40a180	0xa0a4	0x4ca4

kernel32.dll (17)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
GetACP	0x0	0x40a188	0xa0ac	0x4cac
Sleep	0x0	0x40a18c	0xa0b0	0x4cb0
VirtualFree	0x0	0x40a190	0xa0b4	0x4cb4
VirtualAlloc	0x0	0x40a194	0xa0b8	0x4cb8
GetTickCount	0x0	0x40a198	0xa0bc	0x4cbc
QueryPerformanceCounter	0x0	0x40a19c	0xa0c0	0x4cc0
GetCurrentThreadId	0x0	0x40a1a0	0xa0c4	0x4cc4
VirtualQuery	0x0	0x40a1a4	0xa0c8	0x4cc8
GetStartupInfoA	0x0	0x40a1a8	0xa0cc	0x4ccc
GetCommandLineA	0x0	0x40a1ac	0xa0d0	0x4cd0
FreeLibrary	0x0	0x40a1b0	0xa0d4	0x4cd4
ExitProcess	0x0	0x40a1b4	0xa0d8	0x4cd8
WriteFile	0x0	0x40a1b8	0xa0dc	0x4cdc
UnhandledExceptionFilter	0x0	0x40a1bc	0xa0e0	0x4ce0
RtlUnwind	0x0	0x40a1c0	0xa0e4	0x4ce4
RaiseException	0x0	0x40a1c4	0xa0e8	0x4ce8
GetStdHandle	0x0	0x40a1c8	0xa0ec	0x4cec

kernel32.dll (4)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
TlsSetValue	0x0	0x40a1d0	0xa0f4	0x4cf4
TlsGetValue	0x0	0x40a1d4	0xa0f8	0x4cf8
LocalAlloc	0x0	0x40a1d8	0xa0fc	0x4cfc
GetModuleHandleA	0x0	0x40a1dc	0xa100	0x4d00

user32.dll (1)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
CharPrevA	0x0	0x40a1e4	0xa108	0x4d08

kernel32.dll (21)

»

API Name	Ordinal	IAT Address	Thunk RVA	Thunk Offset
WriteFile	0x0	0x40a1ec	0xa110	0x4d10
WaitForSingleObject	0x0	0x40a1f0	0xa114	0x4d14
SizeofResource	0x0	0x40a1f4	0xa118	0x4d18
SetFileAttributesA	0x0	0x40a1f8	0xa11c	0x4d1c
SetEnvironmentVariableA	0x0	0x40a1fc	0xa120	0x4d20
LockResource	0x0	0x40a200	0xa124	0x4d24
LoadResource	0x0	0x40a204	0xa128	0x4d28
GetWindowsDirectoryA	0x0	0x40a208	0xa12c	0x4d2c
GetFullPathNameA	0x0	0x40a20c	0xa130	0x4d30
GetFileAttributesA	0x0	0x40a210	0xa134	0x4d34
GetExitCodeProcess	0x0	0x40a214	0xa138	0x4d38
GetEnvironmentVariableA	0x0	0x40a218	0xa13c	0x4d3c
GetCurrentProcessId	0x0	0x40a21c	0xa140	0x4d40
GetCommandLineA	0x0	0x40a220	0xa144	0x4d44
FreeResource	0x0	0x40a224	0xa148	0x4d48
FreeLibrary	0x0	0x40a228	0xa14c	0x4d4c
FindResourceA	0x0	0x40a22c	0xa150	0x4d50
DeleteFileA	0x0	0x40a230	0xa154	0x4d54
CreateProcessA	0x0	0x40a234	0xa158	0x4d58
CreateFileA	0x0	0x40a238	0xa15c	0x4d5c
CloseHandle	0x0	0x40a23c	0xa160	0x4d60

c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\read_me_help_me.png, ...

»

File Properties
Names	c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\read_me_help_me.png (Created File) c:\users\5jghkoaofdp\desktop\read_me_help_me.png (Created File) c:\frsramsomware\read_me_help_me.png (Created File)
Size	125.17 KB
Hash Values	MD5: 32555b61eece08c2091ba534ade60e79 SHA1: 2baf7b08d9c136c91173e309825e702d18fbe1e3 SHA256: 64c9e25a8309936f42bcbd71fb676fa09ccafbf66b25470be455bd8d6db0ea7e
Actions	... File Actions Download File

c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\read_me_help_me.txt, ...

»

File Properties
Names	c:\users\5jghkoaofdp\appdata\local\qb1143663.0f\read_me_help_me.txt (Created File) c:\users\5jghkoaofdp\desktop\read_me_help_me.txt (Created File) c:\frsramsomware\read_me_help_me.txt (Created File)
Size	0.89 KB
Hash Values	MD5: 2fbe761d4e8ef1a82476360c674ad881 SHA1: bb5a7318691df1cb5a169ce9fe07364e824ee091 SHA256: 803de6ab58ee7f106e2dbc0b207821b7160ff133b5f1e05871a4a7c6c794f47d
Actions	... File Actions Download File

c:\frs_temp\temp.txt

»

File Properties
Names	c:\frs_temp\temp.txt (Created File)
Size	0.01 KB
Hash Values	MD5: 2863a0f767a37019a3f57c245ae20586 SHA1: f69e1ccf95ab44f33b1db5d9d984bc02070b4257 SHA256: 370dbcfde1ea1f282d9ed3f6bc282948cad2d99ff92767c5bcb4cba67ea06ccd
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\frs_decryptor.exe

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\frs_decryptor.exe (Created File)
Size	0.00 KB
Hash Values	MD5: d41d8cd98f00b204e9800998ecf8427e SHA1: da39a3ee5e6b4b0d3255bfef95601890afd80709 SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

c:\users\5jghko~1\appdata\local\temp\cbug7mrd.bat

»

File Properties
Names	c:\users\5jghko~1\appdata\local\temp\cbug7mrd.bat (Created File)
Size	7.49 KB
Hash Values	MD5: 9c104232adc53feb6096bba0c524563e SHA1: 3513a7eb0b67b708049e6577a6c1bc21ecc77394 SHA256: 6e87c124ab3810cbc17a92e0edfab4231d0716e356733c5fd50af43c373b7e88
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\-twyiucq0.m4a.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\-twyiucq0.m4a.frs (Created File)
Size	53.35 KB
Hash Values	MD5: dcee006e81655888366571c24682e083 SHA1: a5f8003d7f54415c4363c72b416a8323c57404a2 SHA256: 4ee9532e3e697beb49d7bef8ad4dbaaf6184f3a768031e872fd06ff3258f389f
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\43r71_l4m.mp4.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\43r71_l4m.mp4.frs (Created File)
Size	69.14 KB
Hash Values	MD5: 3ebd854dd9c3ec8d8607f079db7311bc SHA1: 2537bc090fe89483aedf0a115a2639128995de14 SHA256: 0d937854c873167a9e2a4f593e67a0d99fe3ef2aebbaff396a610d9a11b9bfa2
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\6eivhqj738.wav.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\6eivhqj738.wav.frs (Created File)
Size	13.46 KB
Hash Values	MD5: 2496421dacbcbc7404e198ebc6b86bfd SHA1: e2cf5ae5d227303b7243f98a2a3f9505c09c4180 SHA256: 812466a0ef6c0727b580af7328a13f9853f9ac94fcf462df9387d782cdbc41fd
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\72imq3onh06hn.mp4.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\72imq3onh06hn.mp4.frs (Created File)
Size	17.19 KB
Hash Values	MD5: 183436de09529a28e9ac29c144c348b0 SHA1: 10791a3b982a7da5f68f6e61a2a06da828901cf0 SHA256: 38e88337f40fdd0750e22e8aa947e16f9fb7403c4d454ccb9a032329cc13323d
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\7hytmofq-a8mf.ods.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\7hytmofq-a8mf.ods.frs (Created File)
Size	68.68 KB
Hash Values	MD5: 0d76b3d5e0d11ee8d9d3ed9ecc02acc0 SHA1: 9bb6113a0e471ba07551e60855c870675efc0b52 SHA256: 72aa19352e1406cbe16bf35e7963a1a367e5af6cbc49709792bddadd28140b59
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\b-t7ydezo3m.png.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\b-t7ydezo3m.png.frs (Created File)
Size	98.94 KB
Hash Values	MD5: 269550c2078b88b7936d5f3bf2801600 SHA1: c4756692d4c759d919145b0c1fb68fc861b85a3e SHA256: 9772ad5560c12638f0daeae983ee4fcca67142be606be5d89219f6c73abae852
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\f_jdlby.rtf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\f_jdlby.rtf.frs (Created File)
Size	3.73 KB
Hash Values	MD5: d2837a196b6ef9eb33e7b7c823f28720 SHA1: dd57eb156fe893654da5e8518664d0fc0ed3822e SHA256: 636d69b7b5ddee83266a4abccb8f07f6af596ade872bb7c96aa622410fb94e18
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\g3s4_wn8bnwcu.mp4.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\g3s4_wn8bnwcu.mp4.frs (Created File)
Size	82.38 KB
Hash Values	MD5: f2054e74ed713f85a16dc2e6deb4118c SHA1: 2f7f1cefe5bc2bfa6ffba892b065b31fadbfe9f9 SHA256: 3c37ca2e4b4068c4f4dc2077a2ee1e0edb4c9e976da5e6c5fd87d8ffa2edfdc4
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\gutlh6thwjyjtpp.ppt.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\gutlh6thwjyjtpp.ppt.frs (Created File)
Size	76.56 KB
Hash Values	MD5: d293b272ca552c679493d87a71feb284 SHA1: e7fe00a1a76146f5c0a8f78c81ea771f9c90faa5 SHA256: cd4c2d7edbd55225903014fda92684e249f8b9500b02153a5af2ac13eb67be2a
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\hxgdqridex_pfzyh_fbr.odt.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\hxgdqridex_pfzyh_fbr.odt.frs (Created File)
Size	3.37 KB
Hash Values	MD5: 499909564bf72db33ed0c255bc1ae6d1 SHA1: 113730c56f198725fb19c24daffc364223673a89 SHA256: 32f605ca59c7752d8fbe0403dd0ffeebc7fe73758198ae5061ecf63e4e19f219
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\iw7veaa.gif.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\iw7veaa.gif.frs (Created File)
Size	33.39 KB
Hash Values	MD5: 15aea51959164c61fef2d19044e032e2 SHA1: dbf0b78ac22c4a70e496683e023be558898f1cc0 SHA256: 7de7fda5bc53d7dce5c78109a6653c21a0614d37f7d864ec64abfe32db73ec93
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\jbwzgaoqv2ah.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\jbwzgaoqv2ah.flv.frs (Created File)
Size	64.32 KB
Hash Values	MD5: c984395c35a74e33bd4fe5f708282330 SHA1: 9d9b8031a271875b268592dae4836a13441c92c2 SHA256: 9434cde78649d68fd68a0a45e0cf1ad8c4301f875dbee94161096ac1da8e286a
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\j_3z6ryq7l9u.m4a.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\j_3z6ryq7l9u.m4a.frs (Created File)
Size	62.08 KB
Hash Values	MD5: ed73813eab986cd2303a51b5e8051bc1 SHA1: 8d7351e887cd1ebb7ea2710fe0d646d8070953dd SHA256: d3dcb98f8da72b0c45e60158086d6b644822e68166008844541a78ff8d4fd38a
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\k5gvz.wav.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\k5gvz.wav.frs (Created File)
Size	94.05 KB
Hash Values	MD5: 508ce3c726933adf93abd8eedc5b005a SHA1: 569ccb4357f3f87fb5544a0cbcbc91f2bad1792c SHA256: 0101760176c291b794d606df5e348ec74eb6e3f0cfe75b0322291710c389bf92
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\o0eprpcorni4z.pdf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\o0eprpcorni4z.pdf.frs (Created File)
Size	71.70 KB
Hash Values	MD5: cd71310cf533b55c5a275f4239929fc8 SHA1: 08997e3876390c77b70d249f7d77ba9964c68afb SHA256: 6f7cc559a7042dbf0ceff557109c254eb4062190b1293c180ea35672c630d1c0
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\ou5cauoh-hbi.mkv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\ou5cauoh-hbi.mkv.frs (Created File)
Size	88.02 KB
Hash Values	MD5: e2c33287edfe95df3dfa900fda78102d SHA1: aa8176518799665a100da338a0fc8b675c949334 SHA256: 5f1bd322362324d2b035bd6e98efdf87f3e7eccedb9a1d791da7deb74196209a
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\oumvigdyiou8ucwtila.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\oumvigdyiou8ucwtila.flv.frs (Created File)
Size	82.84 KB
Hash Values	MD5: 08f24b055e25872fd313e991ef887dec SHA1: 411395cd6e004e280408174069c70628bd1ffe9c SHA256: 1fd419fa182704cfb521dfac7d07c587c267a9e4ed53d57a396a5b1e3bf2a9dc
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\rbzj46dm.m4a.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\rbzj46dm.m4a.frs (Created File)
Size	30.43 KB
Hash Values	MD5: 2a284da4cf07876212e13fd54e2ddbfd SHA1: 5222e59a481d36bbdff7bc5ea6481c43719549d9 SHA256: 5000eede1639316cc33f743488c3d3e533232699c77ddf2664ee4bc712ecaa0f
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\rpgefllksk.m4a.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\rpgefllksk.m4a.frs (Created File)
Size	51.05 KB
Hash Values	MD5: 8c1d7449ef6dcb78b80c2b9527cf7277 SHA1: b70f4132f25f68cd0a9e3c3c0d1545dbe970fce5 SHA256: 127035ce04036b82706a618a469267e55131db5f19863db4c9ccc71af1eb635e
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\uc2u5sgsnmjje2.pps.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\uc2u5sgsnmjje2.pps.frs (Created File)
Size	48.65 KB
Hash Values	MD5: 73de605f134a83bd00cb7fe7150a40ce SHA1: 4fbdabacf32f4a846d0cff9a1d08bee04db7f53b SHA256: 0ac641c5ebaba9910c7ed220e39b3fb4ffb4e712aa3b02cbbbac73dcbf37a6f1
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\v7afohjmdiyo.m4a.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\v7afohjmdiyo.m4a.frs (Created File)
Size	47.28 KB
Hash Values	MD5: 073cd8e4860baf9a00fa79000beee23d SHA1: fdbc210481856e1e1d55cecc31ca072e2fe2b5f3 SHA256: 3d03bc068aac9e4e6adf0786a1290dba4a38c6b21f3a7c2cf7005833d97e924d
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\w5 xas-kum9kx.odp.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\w5 xas-kum9kx.odp.frs (Created File)
Size	95.10 KB
Hash Values	MD5: 542b40123d45e6e76ac33bc919a16cfc SHA1: af6c3e4e309597d2e129d20e504f2ecf59cf5911 SHA256: cb0a928b2180e46159a711d91fb2971b324f1c18eb08ee249cd3904d0a1410fb
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\wu_4n34grxa-1p.swf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\wu_4n34grxa-1p.swf.frs (Created File)
Size	60.28 KB
Hash Values	MD5: 9471b77626099684c8ec0f9d55447ae3 SHA1: cd0ff9b7410801da6e677acd0734215d133f8c88 SHA256: 3d0863eef3952cce1ddf694e40425fa1fb53ee5653882e61fdf3045c365fec30
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\wyeepeitvrxcpbjj6.m4a.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\wyeepeitvrxcpbjj6.m4a.frs (Created File)
Size	81.61 KB
Hash Values	MD5: 203f81e5b580bcf969fc4ba50cb6f2fd SHA1: 8ab09a0ef396b7f94836ef7b3a24812976f8abaf SHA256: 6cd38f6f7d725ba39c60bec5fe272a4325e886ee073b199772945bc585dd259e
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\x 0yrdzrhlk5vrlqse.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\x 0yrdzrhlk5vrlqse.flv.frs (Created File)
Size	58.05 KB
Hash Values	MD5: 50be7f302227d15f188d4fe4c9c7f07a SHA1: 6da972382ae1f1991bccb2d8ec5b55ab3659079e SHA256: e9f2874907d5afc9b71fed88d17e7fc6b332cc6dc285bd4678c2b4581ddb28a4
Actions	... File Actions Download File

c:\users\5jghkoaofdp\desktop\xa1kqskcf8g.rtf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\desktop\xa1kqskcf8g.rtf.frs (Created File)
Size	36.47 KB
Hash Values	MD5: 40084ad9938ea07c00a9272367f128d5 SHA1: 4eb56ff02cffc7fe6129e299e5568802ce439b6c SHA256: 5a78b71823d0db440a1caa285b79ace375450fba316fe744258f9dfc8e7296a5
Actions	... File Actions Download File

c:\users\5jghkoaofdp\links\desktop.lnk.frs

»

File Properties
Names	c:\users\5jghkoaofdp\links\desktop.lnk.frs (Created File)
Size	0.45 KB
Hash Values	MD5: 62f5b1049d3057e85e3fa640277dd003 SHA1: 3ac36b396f6cfee048f33937d65f6763d2d4e3b0 SHA256: 748c8c80c950814f0bc453d7ceec722cd95768295ba4f7dd93e073cebc9dcdbe
Actions	... File Actions Download File

c:\users\5jghkoaofdp\links\downloads.lnk.frs

»

File Properties
Names	c:\users\5jghkoaofdp\links\downloads.lnk.frs (Created File)
Size	0.88 KB
Hash Values	MD5: b5d1dd0aacfbc4d04a768689ba1eaa30 SHA1: 2fb607a6afd71549c7d11a0a0c604b12f2e9eb9e SHA256: 8d7c71ea735939294f518e5ce54200dabcf47d5ebd6bab8a5da11caaf542ffb0
Actions	... File Actions Download File

c:\users\5jghkoaofdp\links\recentplaces.lnk.frs

»

File Properties
Names	c:\users\5jghkoaofdp\links\recentplaces.lnk.frs (Created File)
Size	0.35 KB
Hash Values	MD5: 21bb52a29f0d477e0905152bb5bdc16c SHA1: d6ad4bf96d12d1d0e5cfa358110ecaec9fe5db95 SHA256: fdd1a5c5414fa0a22cfbdf390d1d3f975f8e402474046232ee14f0b8d647edef
Actions	... File Actions Download File

c:\users\5jghkoaofdp\favorites\bing.url.frs

»

File Properties
Names	c:\users\5jghkoaofdp\favorites\bing.url.frs (Created File)
Size	0.20 KB
Hash Values	MD5: 5d42dddda9951546c9d43f0062c94d39 SHA1: 4af07c23ebb93bad9b96a4279bee29eba46be1ee SHA256: e0c0a5a360482b5c5ded8fad5706c4c66f215f527851ad87b31380ef6060696e
Actions	... File Actions Download File

c:\users\5jghkoaofdp\searches\winrt--{s-1-5-21-3643094112-4209292109-138530109-1001}-.searchconnector-ms.frs

»

File Properties
Names	c:\users\5jghkoaofdp\searches\winrt--{s-1-5-21-3643094112-4209292109-138530109-1001}-.searchconnector-ms.frs (Created File)
Size	0.83 KB
Hash Values	MD5: 40b3b87ce35a573e1dab382563e0a7a3 SHA1: 520b1e8705ed2a24b57c3ec34fbf451e502db493 SHA256: 93554d3e433b01eb8735f562bf50f0da24d3ab5c96f9ad94d4885a5747c90bc4
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\3cykmen1qsqdl.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\3cykmen1qsqdl.avi.frs (Created File)
Size	75.28 KB
Hash Values	MD5: a0e6f04fe4b50311ffb400988f9cab3e SHA1: 148f76881b5b92a1aad3758dc5f41dd1564eaafd SHA256: 0274b329a3423f958cb236a3da7fa96ad6b0383eb3762e0cfb5f7ca7d6621540
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\4 evmh.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\4 evmh.flv.frs (Created File)
Size	54.65 KB
Hash Values	MD5: 47864d36517c776a087319bb836ba59e SHA1: 1d8c515c34e87582d7f46ceb21d779d3271f9635 SHA256: 523c249e12aef12672a0eafb0d1f8c701825ab5abc4782a0a89a038cd1865356
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\75rmilket_ce3woc7.mkv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\75rmilket_ce3woc7.mkv.frs (Created File)
Size	6.63 KB
Hash Values	MD5: b88edbcaf8d15500f45ae1857f895ab6 SHA1: 3ee041af71b5f3eed8ade93e7e2f2d099ed2be3c SHA256: 7db4b34f70bd6cd3b6d5c593313dd45cd54aef5110a2c8286867b1b4e9d895cc
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\8tpcncitib7vspp8vwp.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\8tpcncitib7vspp8vwp.flv.frs (Created File)
Size	94.68 KB
Hash Values	MD5: a444add3391d3a890deb4843606b974d SHA1: 4b920a595b659fda17d717ade25c5f023013324f SHA256: b0a593957de4c83464d06c4c544af8d1be0ed6a6eedeef2b024a9dceefd19193
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\c0w0rxzrwz.swf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\c0w0rxzrwz.swf.frs (Created File)
Size	74.13 KB
Hash Values	MD5: fc07615fe7985d630fe3d14786ec46c1 SHA1: 833976f25847a338f4a14e69da3bcf34c5b2825e SHA256: 95532bc364143266c6a34bac72db46b8c04193e3d3938d1227f7320e770afcd7
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\czf7i.swf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\czf7i.swf.frs (Created File)
Size	39.56 KB
Hash Values	MD5: 94e9f8ccd3d9d9be27edcb04c98161b4 SHA1: a0e220b9064ab9ba00268fda1ea3da52f9d6478b SHA256: 44934bd0f23ef97109a1e473b2525436381a16b5fda59780e3f8e774cd092064
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\dl_eqdexsjozj_texj21.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\dl_eqdexsjozj_texj21.flv.frs (Created File)
Size	20.85 KB
Hash Values	MD5: 0a17f8c421b62fdc1c91fd51918e49a2 SHA1: 5b4e0442145173dc15f366efe4d78c8cd7e64359 SHA256: d65fc9661fbd6b106abed94d285a1d4e668ad91f9fa95f11f6c37e1bfe413605
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\f5szn_eaybfcsfn.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\f5szn_eaybfcsfn.avi.frs (Created File)
Size	96.23 KB
Hash Values	MD5: de2a40d72b9e79980cc257e2ba98b1a6 SHA1: d5decaf21eef3eb417bb29d5b9e7bd5b2ef5690d SHA256: 56e38e4762a189c8371fb6535d816e75c0123de687c892ce38251785f26996a4
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\f7q9iv6zau.swf.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\f7q9iv6zau.swf.frs (Created File)
Size	85.16 KB
Hash Values	MD5: 6b819364fc9d3363bfbc4299f649ecbc SHA1: 350784a37eac372b7ec3aa891bf57310827551b4 SHA256: a59493f8211f7b2289d76b5e39945890dff344431d44d64d58b58c16b04625a1
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\hlwevmas58agwm.flv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\hlwevmas58agwm.flv.frs (Created File)
Size	9.18 KB
Hash Values	MD5: bc8ded7645fd5d97169fecf26e43d16f SHA1: a8ce4c4ffe0ded5c6e39664999928a0cc7048eac SHA256: 7f12d4acd7b5ac213f86f0bca480e1d8744c057642f3fc2d1096789094bc06ce
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\l 1id.mkv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\l 1id.mkv.frs (Created File)
Size	58.21 KB
Hash Values	MD5: 2ec616080fe92cac08672c5047194a70 SHA1: 104971d36b784e7fc8c0723da2f4662c9c660310 SHA256: f69aac2a423743b5e218010122c568097005d4520da01132baafe42dc553c198
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\nuwem4__4.mp4.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\nuwem4__4.mp4.frs (Created File)
Size	27.77 KB
Hash Values	MD5: 52d5d7579a5f9eaa7c7d94afa9103c13 SHA1: dc86ffe03b6b64f16593be856886210aa188b20e SHA256: bc2dbcac064044f14f61e0e1467319d85a3f4084f61a518608b109e6f2f22f49
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\ohc _cgopckuxz.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\ohc _cgopckuxz.avi.frs (Created File)
Size	26.94 KB
Hash Values	MD5: 80eea8d616b315ae79ef39b8d3896521 SHA1: 2e395acc07b116583979662dc3024e8d5cc42fb6 SHA256: 80666301663d20ed8277787182c71bf9777c133750bbb2d48db4ea54486a2ad7
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\qpuchrfn1q.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\qpuchrfn1q.avi.frs (Created File)
Size	19.56 KB
Hash Values	MD5: 16d1e9b07d7ebdb1928add789187df60 SHA1: e566061d0ec7dd6027a86e3e215dd7c5c81c5163 SHA256: 6956e19c7388b79aa3239abefa096e7833c66582bcbf5b207229a8168ba20ad2
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\qtjqn-h2jwkxcan.mp4.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\qtjqn-h2jwkxcan.mp4.frs (Created File)
Size	34.10 KB
Hash Values	MD5: 3b208dcc47b65eb5b8eea43ae277bd88 SHA1: 1efc3ace15c60e25b308a46b1941d96ab5d19632 SHA256: 12aa78864146685cadf0434b460bde3a59184c692b20f1a748e5049694e9905d
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\qzrhrih83gk42.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\qzrhrih83gk42.avi.frs (Created File)
Size	44.18 KB
Hash Values	MD5: 7603c131ea98c2de9585dd46668efa22 SHA1: 1d2ac7b661ac015bf0a70641fc13931c0bf1d033 SHA256: 64433447d319c9db1813bcb8d0f563d50c909913929b1ac79f0d17a7b0c042c5
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\ttzk.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\ttzk.avi.frs (Created File)
Size	23.09 KB
Hash Values	MD5: fd0227079823b6fa9badb920924428f9 SHA1: 9ffd9d6058f96c5a267644674d625720a3b2438f SHA256: cb6a3223b93436d0e15e723506b684f504b965157d3ca893eec921be54cb8384
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\x6ay-7vc33brcdpl.mkv.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\x6ay-7vc33brcdpl.mkv.frs (Created File)
Size	56.13 KB
Hash Values	MD5: d1072b0c575ce708b8124f1c10981b97 SHA1: 9ee24c8ac4c9ad02f6d094de08b79edec6437c7b SHA256: 2ec252623b1fb312d7c8416c97dcc0d678dcbac04c31705c68f5f24d0290f73e
Actions	... File Actions Download File

c:\users\5jghkoaofdp\videos\_1pm viztec.avi.frs

»

File Properties
Names	c:\users\5jghkoaofdp\videos\_1pm viztec.avi.frs (Created File)
Size	31.50 KB
Hash Values	MD5: 6a87e0f4dd6ce2d23c4a7d38fb6feb2e SHA1: 391de5f05a293d1c2d86b43e67bbf47f6f8d6fcd SHA256: 7e8cf77f934d36627522702ced4d4983b4463bb6aad2bca467f629e6b2544d2e
Actions	... File Actions Download File

c:\users\5jghkoaofdp\pictures\aaera.png.frs

»

File Properties
Names	c:\users\5jghkoaofdp\pictures\aaera.png.frs (Created File)
Size	72.65 KB
Hash Values	MD5: 226d1c68aea9a856b252e01b0e4383d1 SHA1: ec8b8d0ce03a2d975e7bea6f6c6431fbfbc755d8 SHA256: 50bc834145ad60178d201b9b0ff8381dd2fc5c10ed5d7ba441b0c338d7552080
Actions	... File Actions Download File

c:\users\5jghkoaofdp\pictures\bpc_m3aamw.bmp.frs

»

File Properties
Names	c:\users\5jghkoaofdp\pictures\bpc_m3aamw.bmp.frs (Created File)
Size	24.23 KB
Hash Values	MD5: ccb10db03248ae4400a7cc3018c5f0f9 SHA1: 8a836646613cae7048a488a247f8bde931b66931 SHA256: 7fe1b121d77d17a49297e086eaf8d0c686d2c510fc29256f37be878c9be0d6c3
Actions	... File Actions Download File

c:\users\5jghkoaofdp\pictures\dftnsfgtdnqy.bmp.frs

»

File Properties
Names	c:\users\5jghkoaofdp\pictures\dftnsfgtdnqy.bmp.frs (Created File)
Size	19.33 KB
Hash Values	MD5: 2a94ac9fd1c14d172dd881fd169bd9de SHA1: 6682bb4c1c65245a08dd0f4d32e4b4f8e6bb1423 SHA256: 9655f08a129ad5f7147b146391354e410c5b4e70a97fa4a2b9e6fa1a996d8d98
Actions	... File Actions Download File

c:\users\5jghkoaofdp\pictures\q8xcgkv_0fans40lozvi.bmp.frs

»

File Properties
Names	c:\users\5jghkoaofdp\pictures\q8xcgkv_0fans40lozvi.bmp.frs (Created File)
Size	30.52 KB
Hash Values	MD5: 260b77981b4d5c50d663269754e0ea9c SHA1: ebc5024c86bf77ac92f66618df96e29d16164c35 SHA256: 64b175055b754e212c17c6491420381913705b3e5af12347d0b5a70c76c47852
Actions	... File Actions Download File

Number of sample files submitted for analysis	1
Number of files created and extracted during analysis	63
Number of files modified and extracted during analysis	0

Remarks

Files Information

Before

After